CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 0CVE-2009-1215
https://notcve.org/view.php?id=CVE-2009-1215
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. Condición de carrera en GNU screen v4.0.3, permite a usuarios locales crear y sobreescribir archivos de su elección a través de un ataque de enlace simbólico al archivo temporal /tmp/screen-exchange. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123 http://savannah.gnu.org/bugs/?25296 http://www.openwall.com/lists/oss-security/2009/03/25/7 http://www.securityfocus.com/bid/34521 https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993 https://bugzilla.redhat.com/show_bug.cgi?id=492104 https://exchange.xforce.ibmcloud.com/vulnerabilities/49887 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2009-1214
https://notcve.org/view.php?id=CVE-2009-1214
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. GNU Screen v4.0.3, crea el archivo temporal /tmp/screen-exchange con permisos de lectura, lo que permite a usuarios locales obtener información sensible. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123 http://savannah.gnu.org/bugs/?25296 http://www.openwall.com/lists/oss-security/2009/03/25/7 http://www.securityfocus.com/bid/34521 https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993 https://bugzilla.redhat.com/show_bug.cgi?id=492104 https://exchange.xforce.ibmcloud.com/vulnerabilities/49886 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3048 – Screen 4.0.3 (OpenBSD) - Local Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-3048
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue ** IMPUGNADA ** GNU screen 4.0.3 permite a usuarios locales desbloquear la pantalla mediante una secuencia CTRL-C en la línea de comandos. NOTA: múltiples terceras partes han reportado la incapacidad de reproducir este problema. • https://www.exploit-db.com/exploits/4028 http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063706.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063710.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063721.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063728.html https://exchange.xforce.ibmcloud.com/vulnerabilities/34693 •
CVSS: 2.6EPSS: 4%CPEs: 1EXPL: 0CVE-2006-4573
https://notcve.org/view.php?id=CVE-2006-4573
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. Múltiples vulnerabilidades no especificadas en el "manejo de combinaciones de caracteres utf8" (función utf8_handle_comb en encoding.c) en screen anterior a 4.0.3 permite a atacantes con la complicidad del usuario provocar una denegación de servicio (caída o cuelgue) mediante ciertas secuencias UTF8. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html http://secunia.com/advisories/22573 http://secunia.com/advisories/22583 http://secunia.com/advisories/22611 http://secunia.com/advisories/22647 http://secunia.com/advisories/22649 http://secunia.com/advisories/22707 http://secunia.com/advisories/22726 http://secunia.com/advisories/2 •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2003-0972
https://notcve.org/view.php?id=CVE-2003-0972
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow. Error de falta de signo en enteros en ansi.c de GNU screen 4.0.1 y anteriores, y 3.9.15 y anteriores, permite a usuarios locales ejecutar código arbitrario mediante un gran número de caractéres ";" (punto y coma) en secuencias de escape, lo que conduce a un desbordamiento de búfer. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000809 http://groups.yahoo.com/group/gnu-screen/message/3118 http://marc.info/?l=bugtraq&m=106995837813873&w=2 http://secunia.com/advisories/10539 http://www.debian.org/security/2004/dsa-408 http://www.mandriva.com/security/advisories?name=MDKSA-2003:113 •